Phishing attacks with a different theme account for 0.6%

Apr 28, 2015 17:05 GMT

A company based in Lithuania that offers free web hosting services seems to be the top choice for individuals running Steam phishing scams, as over 90% of the fraudulent pages originate from its servers.

Netcraft, a UK-based company that provides phishing alert services, says that in March it blocked more than 1,400 phishing pages on 331 websites, most of them hosted by Hostinger.

One fraudulent page has been active since last year

One of the reasons Hostinger's free offer appeals to fraudsters is that it places no banners or ads on hosted pages, so nothing on the page raises the visitor's suspicion.

The crooks deliberately misspell the domain names of the phishing pages so that they appear to be the legitimate location of the Steam community.

Examples offered by Netcraft include “steamcommuniity.hol.es” and “steamcomcoomity.16mb.com”; the latter has been active since last year and is still up, although web browsers display a phishing warning that keeps users from landing on it by mistake.
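One way a defender could flag hostnames like the two Netcraft cites above, as an added example (not Netcraft's method and not code from the article): compare the account label under a free-hosting parent domain with the brand name by edit distance. The suffix list holds only the two parent domains from the quoted hostnames; the threshold of 4, the function names and the sample list are assumptions.

```python
# Added example: flag free-hosting subdomains whose name imitates "steamcommunity".
BRAND = "steamcommunity"
# Parent domains taken from the two hostnames quoted in the article (not a full list).
FREE_HOST_SUFFIXES = (".hol.es", ".16mb.com")
MAX_DISTANCE = 4  # assumed threshold; tune against your own traffic


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(hostname: str):
    """Return (verdict, distance) for one hostname."""
    host = hostname.strip().lower().rstrip(".")
    suffix = next((s for s in FREE_HOST_SUFFIXES if host.endswith(s)), None)
    if suffix is None:
        return ("not-free-host", None)
    # The label directly under the hosting domain is the name the account chose.
    label = host[: -len(suffix)].split(".")[-1].replace("-", "")
    distance = edit_distance(label, BRAND)
    if distance <= MAX_DISTANCE:
        return ("lookalike", distance)
    return ("unrelated", distance)


if __name__ == "__main__":
    # Constructed input: the two hostnames from the article plus two controls.
    samples = [
        "steamcommuniity.hol.es",
        "steamcomcoomity.16mb.com",
        "myblog.hol.es",
        "steamcommunity.com",
    ]
    for name in samples:
        print(name, classify(name))
```

The second quoted hostname sits four edits away from the brand, so a tighter threshold would miss it, while a looser one starts matching unrelated account names.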

Scammers may be working together

Paul Mutton from Netcraft said in a blog post on Tuesday that Hostinger's popularity with Steam fraudsters alone is uncommon.

“While Hostinger was used to host over 90% of all Steam phishing URLs, it hosted only 0.6% of all other phishing attacks that were blocked during March,” Mutton says.

He alleges that this may be accounted for by the fact that the scammers work together or simply copy methods from one another.

Operators of phishing scams prefer free hosting providers because they do not generate a financial trail that could lead back to them; but in the case of Hostinger, the incentive goes beyond this, as the company also supports PHP, a scripting language used for creating almost all phishing kits.

Combined with the fact that no advertisements are shown on the pages, Hostinger becomes a rather obvious choice for phishing scams.